Cybersecurity is important because it protects all categories of data from theft and damage. This includes sensitive data, personally identifiable information (PII), protected health information (PHI), personal information, intellectual property, data, and governmental and industry information systems.
Without a cybersecurity program, your organization cannot defend itself against data breach campaigns, which makes it an irresistible target for cybercriminals.
Both inherent risk and residual risk is increasing, driven by global connectivity and usage of cloud services, like Amazon Web Services, to store sensitive data and personal information. Widespread poor configuration of cloud services paired with increasingly sophisticated cyber criminals means the risk that your organization suffers from a successful cyber attack or data breach is on the rise.
Business leaders can no longer solely rely on out-of-the-box cybersecurity solutions like antivirus software and firewalls, cybercriminals are getting smarter and their tactics are becoming more resilient to conventional cyber defences.
Cyber threats can come from any level of your organization. Workplaces must include cybersecurity awareness training to educate staff about common cyber threats like social engineering scams, phishing, ransomware attacks (think WannaCry), and other malware designed to steal intellectual property or personal data.
The proliferation of data breaches means that cybersecurity is not just relevant to heavily regulated industries, like healthcare. Even small businesses are at risk of suffering irrecoverable reputational damage following a data breach.
To help you understand the importance of cyber security, we've compiled a post explaining the different elements of cybercrime you may not be aware of.
If you're not yet worried about cybersecurity risks, you should be.
What is Cybersecurity?
Cybersecurity is the state or process of protecting and recovering computer systems, networks, devices, and programs from any type of cyber attack. Cyber attacks are an increasingly sophisticated and evolving danger to your sensitive data, as attackers employ new methods powered by social engineering and artificial intelligence (AI) to circumvent traditional data security controls.
The fact of the matter is the world is increasingly reliant on technology and this reliance will continue as we introduce the next generation of new technology that will have access to our connected devices via Bluetooth and Wi-Fi.
To keep customer data protected while embracing new technology, intelligent cloud security solutions should be implemented alongside strong passwords policies like multi-factor authentication to mitigate unauthorized access.
The Importance of Cybersecurity
Cybersecurity's importance is on the rise. Fundamentally, our society is more technologically reliant than ever before and there is no sign that this trend will slow. Data leaks that could result in identity theft are now publicly posted on social media accounts. Sensitive information like social security numbers, credit card information and bank account details are now stored in cloud storage services like Dropbox or Google Drive.
The fact of the matter is whether you are an individual, small business or large multinational, you rely on computer systems every day. Pair this with the rise in cloud services, poor cloud service security, smartphones and the Internet of Things (IoT) and we have a myriad of potential security vulnerabilities that didn't exist a few decades ago. We need to understand the difference between cybersecurity and information security, even though the skillsets are becoming more similar.
Governments around the world are bringing more attention to cybercrimes. GDPR is a great example. It has increased the reputational damage of data breaches by forcing all organizations that operate in the EU to:
- Communicate data breaches
- Appoint a data protection officer
- Require user consent to process information
- Anonymize data for privacy
The trend towards public disclosure is not limited to Europe. While there are no national laws overseeing data breach disclosure in the United States, there are data breach laws in all 50 states. Commonalities include:
- The requirement to notify those affect as soon as possible
- Let the government know as soon as possible
- Pay some sort of fine
California was the first state to regulate data breach disclosures in 2003, requiring persons or businesses to notify those affected "without reasonable delay" and "immediately following discovery". Victims can sue for up to $750 and companies can be fined up to $7,500 per victim.
This has driven standards boards like the National Institute of Standards and Technology (NIST) to release frameworks to help organizations understand their security risks, improve cybersecurity measures, and prevent cyber attacks.
Why is Cybercrime Increasing?
Information theft is the most expensive and fastest-growing segment of cybercrime. Largely driven by the increasing exposure of identity information to the web via cloud services.
But it's not the only target. Industrial controls that manage power grids and other infrastructure can be disrupted or destroyed. And identity theft isn't the only goal, cyber attacks may aim to compromise data integrity (destroy or change data) to breed distrust in an organization or government.
Cybercriminals are becoming more sophisticated, changing what they target, how they affect organizations and their methods of attack for different security systems.
Social engineering remains the easiest form of cyber attack with ransomware, phishing, and spyware being the easiest form of entry. Third-party and fourth-party vendors who process your data and have poor cybersecurity practices are another common attack vector, making vendor risk management and third-party risk management all the more important.
According to the Ninth Annual Cost of Cybercrime Study from Accenture and the Ponemon Institute, the average cost of cybercrime for an organization has increased by $1.4 million over the last year to $13.0 million and the average number of data breaches rose by 11 percent to 145. Information risk management has never been more important.
Data breaches can involve financial information like credit card numbers or bank account details, protected health information (PHI), personally identifiable information (PII), trade secrets, intellectual property and other targets of industrial espionage. Other terms for data breaches include unintentional information disclosure, data leak, cloud leak, information leakage or a data spill.
Other factors driving the growth in cybercrime include:
- The distributed nature of the Internet
- The ability for cybercriminals to attack targets outside their jurisdiction makes policing extremely difficult
- Increasing profitability and ease of commerce on the dark web
- The proliferation of mobile devices and the Internet of Things.
What is the Impact of Cybercrime?
There are many factors that contribute to the cost of cybercrime. Each of these factors can be attributed to a poor focus on best cybersecurity practices.
A lack of focus on cybersecurity can damage your business in a range of ways including:
Theft of intellectual property, corporate information, disruption in trading and the cost of repairing damaged systems
Loss of consumer trust, loss of current and future customers to competitors and poor media coverage
GDPR and other data breach laws mean that your organization could suffer from regulatory fines or sanctions as a result of cybercrimes.
All businesses, regardless of the size, must ensure all staff understand cybersecurity threats and how to mitigate them. This should include regular training and a framework to work with to that aims to reduce the risk of data leaks or data breaches.
Given the nature of cybercrime and how difficult it can be to detect, it is difficult to understand the direct and indirect costs of many security breaches. This doesn't mean the reputational damage of even a small data breach or other security event is not large. If anything, consumers expect increasingly sophisticated cybersecurity measures as time goes on.
How to Protect your Organization Against Cybercrime
There are simple steps you can take you to increase security and reduce risk of cybercrime:
Human error was the cause of 90% of data breaches in 2019. This concerning statistic, however, has a silver lining. If staff are taught how to identify and correctly respond to cyber threats, the majority of data breach incidents could be avoided. Such educational programs could also increase the value of all cybersecurity solution investments because it would prevent staff from unknowingly bypassing expensive security controls to facilitate cybercrime.
The following resources can be used for cyber threat awareness training in the workplace:
- What is a cyber threat?
- What is a data breach?
- What is social engineering?
- What are phishing attacks?
- What is clickjacking?
- What is typosquatting?
- What is a DDoS attack?
- What is Ransomware-as-a-Service (RaaS)?
- What is Threat Intelligence?
Protect Your Sensitive Data
Invest in tools that limit information loss, monitor your third-party risk and fourth-party vendor risk and continuously scan for data exposure and leaked credentials. Data leaks, if left unattended, could help cybercriminals gain access to internal networks and breach sensitive resources. It's important to implement a data leak discovery solution capable of also monitoring leaks throughout the third-party network.
Almost 60% of data breaches occur via compromised third-party providers, so by shutting down vendor data leaks, the majority of data breach incidents can be avoided.
Implement a Third-Party Risk Management (TPRM) Solution
Companies should no longer be asking why is cybersecurity important, but how can I ensure my organization's cybersecurity practices are sufficient to comply with GDPR and other regulation and to protect my business against sophisticated cyber attacks.
There are also practical strategies that you can take to reduce the cybersecurity risk for your organization.
Examples of Damages to Companies Affected by Cyber Attacks and Data Breaches
The amount of cyber attacks and data breaches in recent years is staggering and it's easy to produce a laundry list of companies who are household names that have been affected.
Here are just a few examples. For the complete list, see our biggest data breaches post.
The Equifax cybercrime identity theft event affected approximately 145.5 million U.S. consumers along with 400,000-44 million British residents and 19,000 Canadian residents. Equifax shares dropped 13% in early trading the day after the breach and numerous lawsuits were filed against Equifax as a result of the breach. Not to mention the reputational damage that Equifax suffered. On July 22 2019, Equifax agreed to a settlement with the FTC which included a $300 million fund for victim compensation, $175m for states and territories in the agreement and $100 million in fines.
Between February and March 2014, eBay was the victim of a breach of encrypted passwords, which resulted in asking all of its 145 million users to reset their password. Attackers used a small set of employee credentials to access this trove of user data. The stolen information included encrypted passwords and other personal information, including names, e-mail addresses, physical addresses, phone numbers and dates of birth. The breach was disclosed in May 2014, after a month-long investigation by eBay.
Adult Friend Finder
In October 2016, hackers collected 20 years of data on six databases that included names, email addresses and passwords for The FriendFinder Network. The FriendFinder Network includes websites like Adult Friend Finder, Penthouse.com, Cams.com, iCams.com and Stripshow.com. Most of the passwords were protected only by the weak SHA-1 hashing algorithm, which meant that 99% of them had been cracked by the time LeakedSource.com published its analysis of the entire data set on November 14.
Yahoo disclosed that a breach in August 2013 by a group of hackers had compromised 1 billion accounts. In this instance, security questions and answers were also compromised, increasing the risk of identity theft. The breach was first reported by Yahoo on December 14, 2016, and forced all affected users to change passwords and to reenter any unencrypted security questions and answers to make them encrypted in the future. However, by October of 2017, Yahoo changed the estimate to 3 billion user accounts. An investigation revealed that users' passwords in clear text, payment card data and bank information were not stolen. Nonetheless, this remains one of the largest data breaches of this type in history.
While these are a few examples of high-profile data breaches, it's important to remember that there are even more that never made it to the front page.
Is Your Business at Risk of a Data Breach?
UpGuard also offers third-party data leak protection that can be entrusted to a team of cybersecurity professionals to facilitate rapid security program scaling.
Test the security of your website, click here to get your free instant security score now!